
sshd_config ChrootDirectory ambiguity...


Robert Waite

Nov 5, 2009, 2:38:05 PM
Under "ChrootDirectory" there is a line that says,

"This path, and all its components, must be root-owned directories
that are not writable by any other user or group."

When I first read this "all its components" seemed to mean that
all directories and files within this directory must be root owned
and root only writable. This seemed odd as I would not be able
to allow uploads if this was true.

In this ChrootDirectory I have three folders. I set them all to be
owned by a non root user and writable by a group. When I log in, it
works just as I hoped and I am able to upload now.
I would have figured at the very least that "all its components" would
mean that direct children of the ChrootDirectory would have to have the
above mentioned restrictions. However, it did work.

So my question is... what is meant by "all its components"?
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Scott Neugroschl

Nov 5, 2009, 2:48:17 PM
Quoth Robert Waite:

>
> Under "ChrootDirectory" there is a line that says,
>
> "This path, and all its components, must be root-owned directories
> that are not writable by any other user or group."
>
> When I first read this "all its components" seemed to mean that
> all directories and files within this directory must be root owned
> and root only writable. This seemed odd as I would not be able
> to allow uploads if this was true.
>
> In this ChrootDirectory I have three folders. I set them all to be
> owned by a non root user and writable by a group. When I log in, it
> works just as I hoped and I am able to upload now.
> I would have figured at the very least that "all its components" would
> mean that direct children of the ChrootDirectory would have to have the
> above mentioned restrictions. However, it did work.
>
> So my question is... what is meant by "all its components"?

[[SAN]]
If the chrooted path is /a/b/c/d/e, then all of /a, /a/b, /a/b/c, /a/b/c/d,
and /a/b/c/d/e must be owned by root, and only root writable.

Otherwise, it's possible to spoof, by $EVILUSER renaming /a/b/c to /a/b/c.real
and putting their own evil /a/b/c in place.

I did this once (with management permission), when we needed root access to a
system, the admin wasn't available, and he'd foolishly left / as world
writeable.
I renamed /etc, created a new /etc with a dummy /etc/passwd, and logged in as
root.

Ugly, and should never have been possible, but it worked.
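
The rule as described in the reply above, written as a check an administrator could run before enabling ChrootDirectory. This is an added example, not part of the original thread and not OpenSSH's own code: it tests each leading component of the path (including / itself) and nothing inside the chroot. The paths, UIDs and the `stat_fn` parameter are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

def chroot_path_problems(path, stat_fn=os.stat):
    """Check every component of an absolute path against the ChrootDirectory
    rule: a root-owned directory, not writable by group or others.
    Returns a list of (component, reason); an empty list means it passes."""
    if not path.startswith("/"):
        raise ValueError("ChrootDirectory must be an absolute path")
    components, prefix = ["/"], ""      # "/" is a component as well
    for part in filter(None, path.split("/")):
        prefix += "/" + part            # /srv, /srv/sftp, /srv/sftp/alice, ...
        components.append(prefix)
    problems = []
    for comp in components:
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:          # group-write or other-write bit set
            problems.append((comp, "writable by group or others"))
    return problems

# Constructed sample metadata (hypothetical paths, not from the thread), so
# the check can be exercised without root or a real sshd setup.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")
D = stat.S_IFDIR
SAMPLE = {
    "/":                      FakeStat(D | 0o755, 0),
    "/srv":                   FakeStat(D | 0o755, 0),
    "/srv/sftp":              FakeStat(D | 0o755, 0),
    "/srv/sftp/alice":        FakeStat(D | 0o755, 0),
    "/srv/sftp/alice/upload": FakeStat(D | 0o775, 1000),  # inside the chroot
    "/srv/shared":            FakeStat(D | 0o775, 0),     # group-writable parent
    "/srv/shared/bob":        FakeStat(D | 0o755, 1001),  # user-owned chroot
}

def sample_stat(path):
    return SAMPLE[path]

if __name__ == "__main__":
    for target in ("/srv/sftp/alice", "/srv/shared/bob"):
        print(target, chroot_path_problems(target, sample_stat) or "OK")
```

With the default `stat_fn`, the same function checks a real path on the local filesystem; the user-owned, group-writable `upload` directory does not affect the result for `/srv/sftp/alice` because it lies below the chroot, not on the path to it.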

Markus Friedl

Nov 5, 2009, 2:53:36 PM
all components of the pathname

On Thu, Nov 05, 2009 at 02:38:05PM -0500, Robert Waite wrote:
> Under "ChrootDirectory" there is a line that says,
>
> "This path, and all its components, must be root-owned directories
> that are not writable by any other user or group."
>
> When I first read this "all its components" seemed to mean that
> all directories and files within this directory must be root owned
> and root only writable. This seemed odd as I would not be able
> to allow uploads if this was true.
>
> In this ChrootDirectory I have three folders. I set them all to be
> owned by a non root user and writable by a group. When I log in, it
> works just as I hoped and I am able to upload now.
> I would have figured at the very least that "all its components" would
> mean that direct children of the ChrootDirectory would have to have the
> above mentioned restrictions. However, it did work.
>
> So my question is... what is meant by "all its components"?

Robert Waite

Nov 5, 2009, 3:22:18 PM
Ah ha! I got ya. Makes perfect sense now. I had shown it to an admin and
also an old-school Linux kernel hacker and both were confused as well.
Thanks for the quick response (to Scott as well)!